Persona

What is it?

Persona is an identity verification platform that seeks to establish whether someone is who they claim to be, and then maintain that assurance over time through reverification. The platform combines a wide set of verification and enrichment primitives with configurable workflows that organizations can tailor to their specific risk tolerance and compliance requirements. Persona can be used for both customer/KYC and workforce identity verification use cases.

The verification primitives span several categories. For direct identity proofing, Persona offers government ID document verification (passports, drivers licenses, national IDs across 200+ countries), biometric selfie matching with active and passive liveness detection, NFC chip reads from e-passports and mobile drivers licenses (mDLs), and database lookups against government and commercial data sources including the US Social Security Administration’s eCBSV system.

For risk enrichment, Persona can perform phone risk assessments, email risk assessments, address lookups, social media profile analysis, adverse media screening, politically exposed person (PEP) checks, global watchlist and sanctions screening (covering 100+ lists including OFAC), crypto wallet watchlist checks, and business verification lookups. Persona also offers KYB (Know Your Business) workflows that combine business entity verification with individual beneficial owner verification and business-specific adverse media and watchlist screening.

All of this is exposed through a REST API and embeddable front-end components (hosted flow, embedded flow, mobile SDKs for iOS and Android). Organizations build workflows using a no-code editor that chains verification steps together and routes results through automated decision logic or manual review queues.

Why did they build it?

Identity verification has traditionally been either manual (humans reviewing scanned documents) or outsourced to monolithic KYC vendors that offer little configurability. Neither of which are fit for purpose in the era of generative AI. Persona reported blocking over 75 million AI-based face spoofing attempts across its platform in 2024 alone, and has tracked a 50-fold increase in deepfake attacks over recent years.

The DPRK IT worker infiltration problem, where North Korean operatives use synthetic or stolen identities to get hired at Western technology companies, has made workforce identity verification a security concern rather than just a compliance checkbox. Persona addresses both sides: customer-facing KYC/KYB for regulated industries (fintech, crypto, marketplaces) and workforce identity verification for HR onboarding, account recovery, and ongoing re-verification throughout the employee lifecycle.

How does initial identity establishment work?

The core unit is an “inquiry,” a configurable sequence of verification steps. An organization defines which checks to run and in what order using the workflow builder. A typical onboarding flow might require a government ID capture, followed by a selfie capture with liveness detection, followed by a database cross-reference to validate the extracted document data against authoritative sources. Additional steps such as phone and email risk checks, watchlist screening, or adverse media reports can be enabled depending on the risk profile.

Each step produces structured data and a pass/fail determination. Liveness detection uses active challenges (asking the user to turn their head or blink) and passive analysis of device signals, image metadata, and biometric consistency to detect presentation attacks, injection attacks, and synthetic media. The government ID verification extracts data via OCR and validates document authenticity by analyzing security features, font consistency, and template matching against known document types. Results feed into the workflow engine, which can auto-approve, auto-decline, or route to human review based on configurable rules.

Once an individual passes verification, Persona creates an Account record that stores their verified identity data, biometric reference (the selfie and document photo from the initial verification), and the full history of verification interactions. This Account becomes the anchor point for all future identity assertions about that person.

How does reverification and identity continuity work?

Verifying someone’s identity at onboarding gives you a snapshot of who they are at that moment, but identity risk changes over time. Someone who was cleared at signup might later appear on a sanctions list. An employee who verified their identity at hiring might have their credentials compromised six months later. The candidate you verified when the offer was signed might not be the same person who turns up for work a month later.

Persona’s Account system enables reverification at any trigger point in a user’s lifecycle. Organizations can prompt a user to re-verify during account recovery, before a high-value transaction, during privilege escalation, or on a periodic schedule. When a reverification is triggered, the system captures a new selfie and compares it against the biometric reference stored from the original verification. The new selfie must match both the government ID photo and the previous selfie, establishing continuity and ensuring the person presenting themselves now is the same person who originally proved their identity.

Beyond biometric reverification, Persona supports continuous monitoring through recurring reports. Organizations can schedule watchlist, sanctions, PEP, and adverse media checks to run against their Account base on a recurring cadence (monthly, quarterly, annually). If an Account that previously cleared screening later appears on a watchlist or in adverse media, the system flags it automatically. This turns identity verification from a one-time gate into an ongoing assurance that the person you are dealing with is still who they claimed to be, and that their risk profile has not changed.

For workforce use cases, this reverification capability integrates directly with IAM platforms including Okta Workforce Identity Cloud and Cisco Duo, embedding high-assurance biometric re-verification into authentication flows. An organization can require step-up identity verification when an employee accesses sensitive systems, recovers an account, or triggers a behavioral anomaly. This is specifically designed to counter scenarios where an attacker has compromised credentials or where a fraudulent hire has passed initial screening.

What is Graph, and how does it detect fraud rings?

Persona Graph is a visual link analysis tool that maps relationships between accounts based on shared attributes and behavioral signals. When users complete verifications, the platform captures metadata including device fingerprints, IP addresses, email addresses, phone numbers, biometric embeddings, and document data. Graph connects accounts that share these attributes, surfacing clusters that may indicate coordinated fraud. Graph provides interactive visualizations, query templates, and the ability to import custom data for cross-referencing. Findings can feed back into workflows to automatically block accounts associated with confirmed fraud rings.

What is Persona Connect?

Persona Connect is a portable identity layer that allows verified identity data to be reused across different organizations. Once a user has completed identity verification with one Persona customer, that verification can be shared (with user consent) to other organizations that use Persona, eliminating the need to repeat the full verification process from scratch. The user creates a “Reusable Persona” secured with passkeys, and can present their verified identity to new services without re-submitting documents. This reduces friction for legitimate users while maintaining the verification assurance chain, since the original identity proofing and biometric data are carried forward rather than starting fresh.

Risky Business appearances

Sources

Disclosure

Persona appeared on Snake Oilers, which is a paid segment.